|
247301
|
6.1 |
MEDIUM
Network
|
grafana
netapp
|
grafana
active_iq_performance_analytics_services
storagegrid_webscale_nas_bridge
|
Grafana before 5.2.0-beta1 has XSS vulnerabilities in dashboard links.
|
CWE-79
Cross-site Scripting
|
CVE-2018-12099
|
2024-11-21 12:44 |
2018-06-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247302
|
5.4 |
MEDIUM
Network
|
oecms_project
|
oecms
|
A Reflected Cross-Site Scripting web vulnerability has been discovered in the OEcms v3.1 web-application. The vulnerability is located in the mod parameter of info.php.
|
CWE-79
Cross-site Scripting
|
CVE-2018-12095
|
2024-11-21 12:44 |
2018-06-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247303
|
5.4 |
MEDIUM
Network
|
dimofinf
|
dimofinf_cms
|
Cross-site scripting (XSS) vulnerability in news.php in Dimofinf CMS Version 3.0.0 allows remote attackers to inject arbitrary web script or HTML via the id parameter.
|
CWE-79
Cross-site Scripting
|
CVE-2018-12094
|
2024-11-21 12:44 |
2018-06-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247304
|
7.5 |
HIGH
Network
|
tinyexr_project
|
tinyexr
|
tinyexr 0.9.5 has a memory leak in ParseEXRHeaderFromMemory in tinyexr.h.
|
CWE-772
Missing Release of Resource after Effective Lifetime
|
CVE-2018-12093
|
2024-11-21 12:44 |
2018-06-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247305
|
9.8 |
CRITICAL
Network
|
tinyexr_project
|
tinyexr
|
tinyexr 0.9.5 has a heap-based buffer over-read in tinyexr::DecodePixelData in tinyexr.h, related to OpenEXR code.
|
CWE-125
Out-of-bounds Read
|
CVE-2018-12092
|
2024-11-21 12:44 |
2018-06-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247306
|
6.1 |
MEDIUM
Network
|
lamsfoundation
|
lams
|
There is unauthenticated reflected cross-site scripting (XSS) in LAMS before 3.1 that allows a remote attacker to introduce arbitrary JavaScript via manipulation of an unsanitized GET parameter durin…
|
CWE-79
Cross-site Scripting
|
CVE-2018-12090
|
2024-11-21 12:44 |
2018-06-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247307
|
7.5 |
HIGH
Network
|
octopus
|
octopus_server
|
In Octopus Deploy version 2018.5.1 to 2018.5.7, a user with Task View is able to view a password for a Service Fabric Cluster, when the Service Fabric Cluster target is configured in Azure Active Dir…
|
CWE-200
Information Exposure
|
CVE-2018-12089
|
2024-11-21 12:44 |
2018-06-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247308
|
7.5 |
HIGH
Network
|
futurxe
|
futurxe
|
The transferFrom function of a smart contract implementation for FuturXE (FXE), an Ethereum ERC20 token, allows attackers to accomplish an unauthorized transfer of digital assets because of a logic e…
|
CWE-20
CWE-191
Improper Input Validation
Integer Underflow (Wrap or Wraparound)
|
CVE-2018-12025
|
2024-11-21 12:44 |
2018-06-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247309
|
7.5 |
HIGH
Network
|
s3ql_project
|
s3ql
|
S3QL before 2.27 mishandles checksumming, and consequently allows replay attacks in which an attacker who controls the backend can present old versions of the filesystem metadata database as up-to-da…
|
CWE-20
Improper Input Validation
|
CVE-2018-12088
|
2024-11-21 12:44 |
2018-06-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247310
|
8.8 |
HIGH
Network
|
liblouis
canonical
opensuse
|
liblouis
ubuntu_linux
leap
|
Liblouis 3.6.0 has a stack-based Buffer Overflow in the function parseChars in compileTranslationTable.c, a different vulnerability than CVE-2018-11440.
|
CWE-787
Out-of-bounds Write
|
CVE-2018-12085
|
2024-11-21 12:44 |
2018-06-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
